<?php #//v.3.3.0
#///////////////////////////////////////////////////////
#// COPYRIGHT 2007 Phpauction.org ALL RIGHTS RESERVED //
#///////////////////////////////////////////////////////




// Connect to the SQL server & initialize configuration variables
require('./includes/config.inc.php');

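//-- Remember which auction the visitor is referring. The id may arrive by
//-- GET (link from the item page) or by POST (the form itself). The original
//-- only ever read $_GET, so a POST-only submission overwrote the stored item
//-- with null. Cast before storing so the session never carries a raw
//-- request string.
if (isset($_GET['id'])) {
	$id = intval($_GET['id']);
	$_SESSION["CURRENT_ITEM"] = $id;
} elseif (isset($_POST['id'])) {
	$id = intval($_POST['id']);
	$_SESSION["CURRENT_ITEM"] = $id;
} else {
	$id = isset($_SESSION["CURRENT_ITEM"]) ? intval($_SESSION["CURRENT_ITEM"]) : 0;
}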

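//-- Referrer identity, only for logged-in users. !empty() keeps the same
//-- truthiness test as before without a notice for anonymous visitors.
if (!empty($_SESSION["PHPAUCTION_LOGGED_IN"])) {

	//-- The session holds the user id. It is spliced into an unquoted
	//-- "where id=" clause below, so cast it: a non-numeric or tampered
	//-- session value must never reach the SQL string verbatim.
	$id2 = intval($_SESSION["PHPAUCTION_LOGGED_IN"]);

	$query_title1 = "select email, name from PHPAUCTIONXL_users where id=" . $id2;
	$query_title2 = mysql_query($query_title1);
	if ($query_title2 && mysql_num_rows($query_title2) > 0) {
		$email = mysql_result($query_title2, 0, "email");
		$name  = mysql_result($query_title2, 0, "name");
	} else {
		//-- Stale session (user row gone): leave the fields empty instead of
		//-- letting mysql_result() emit a warning and return false.
		$email = '';
		$name  = '';
	}
}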
                                                                                       
                                                                                    
                                                                                       
                                     $query_settings = "select * from PHPAUCTIONXL_version_2_0 where id='1'";
                             $query_settings2 =  mysql_query ($query_settings);
                                $free_sign_up_bids = mysql_result($query_settings2,0,"raf_bids");
                                                                                  
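$TPL_error_text = "";

//-- Read every request field exactly once. All of it is untrusted. A missing
//-- key defaults to '' so the page does not raise "undefined index" notices.
$auction_id     = isset($_REQUEST['id'])         ? intval($_REQUEST['id'])   : 0;
$friend_name    = isset($_POST['friend_name'])    ? $_POST['friend_name']    : '';
$friend_email   = isset($_POST['friend_email'])   ? $_POST['friend_email']   : '';
$sender_name    = isset($_POST['sender_name'])    ? $_POST['sender_name']    : '';
$sender_email   = isset($_POST['sender_email'])   ? $_POST['sender_email']   : '';
$sender_comment = isset($_POST['sender_comment']) ? $_POST['sender_comment'] : '';
$item_title     = isset($_POST['item_title'])     ? $_POST['item_title']     : '';

//-- The single-line fields are handed to refer_a_friend_confirmation.inc.php
//-- (not visible here) to build the outgoing message. Strip CR/LF from them
//-- so a crafted value cannot inject additional mail headers should that
//-- include place them in From:/To:/Subject:. The comment keeps its newlines;
//-- it is body text.
$crlf = array("\r", "\n");
$friend_name  = str_replace($crlf, '', $friend_name);
$friend_email = str_replace($crlf, '', $friend_email);
$sender_name  = str_replace($crlf, '', $sender_name);
$sender_email = str_replace($crlf, '', $sender_email);
$item_title   = str_replace($crlf, '', $item_title);

//-- Copies echoed back into the form when validation fails, escaped for an
//-- HTML context. NOTE(review): the original passed the raw POST strings
//-- through; if phpa's template layer already escapes {TPL_*} placeholders
//-- this double-encodes, and the escaping should then live in one place only.
//-- Confirm before removing it.
$TPL_auction_id           = $auction_id;
$TPL_friend_name_value    = htmlspecialchars($friend_name, ENT_QUOTES);
$TPL_friend_email_value   = htmlspecialchars($friend_email, ENT_QUOTES);
$TPL_sender_name_value    = htmlspecialchars($sender_name, ENT_QUOTES);
$TPL_sender_email_value   = htmlspecialchars($sender_email, ENT_QUOTES);
$TPL_sender_comment_value = htmlspecialchars($sender_comment, ENT_QUOTES);

//--Get item data. $auction_id is already an int, so it can be spliced into
//-- the query. It is taken from $_REQUEST (as $TPL_auction_id already was)
//-- rather than $_GET alone, so the title is also found when the form posts
//-- the id instead of carrying it in the URL.
$query = "select title,category from PHPAUCTIONXL_auctions where id=" . $auction_id;
$result = mysql_query($query);
if (!$result) {
	MySQLError($query);
	exit;
}
$TPL_item_title = '';
if (mysql_num_rows($result) > 0) {
	$TPL_item_title = stripslashes(mysql_result($result, 0, "title"));
	//-- Prefer the stored title over the POSTed one for anything sent
	//-- downstream (presumably the mail include), so a referrer cannot put
	//-- arbitrary text into mail sent in the site's name. The POST value
	//-- remains only as a fallback when the auction row is missing.
	$item_title = $TPL_item_title;
}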

//-- First visit (nothing submitted yet): render the empty refer-a-friend
//-- form and stop. A non-empty action falls through to the handler below.
$action = empty($_POST['action']) ? '' : $_POST['action'];
if ($action === '') {
	include "header.php";
	include phpa_include("template_refer_a_friend_php.html");
	include "footer.php";
	exit;
}

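//-- Form submission. phpa_securepost() is presumably the form-token check;
//-- it is not visible here.
if ($_POST['action'] == 'sendmail' && phpa_securepost($_POST)) {
	//-- Validate. $sender_name, $sender_email, $friend_name and $friend_email
	//-- are the POST copies read above. Compare against '' after trim()
	//-- instead of relying on truthiness, so a name of "0" is not treated as
	//-- missing and whitespace-only values are. Report the "required field"
	//-- error first; the original let the address-format check overwrite it.
	if (trim($sender_name) === '' || trim($sender_email) === ''
		|| trim($friend_name) === '' || trim($friend_email) === '') {
		$TPL_error_text = $ERR_032;
	} else {
		//-- Same mailbox@domain.tld shape as before, moved from eregi()
		//-- (removed in PHP 7) to preg_match(). The D modifier pins '$' to the
		//-- very end of the string, as ereg did, so "user@host\n" is rejected.
		$mailbox_re = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$/iD';
		if (!preg_match($mailbox_re, $sender_email) || !preg_match($mailbox_re, $friend_email)) {
			$TPL_error_text = $ERR_008;
		}
	}

	if (strlen($TPL_error_text) > 0) {
		include "header.php";
		include phpa_include("template_refer_a_friend_php.html");
		include "footer.php";
		exit;
	}

	//-- Add to the refer-a-friend table: (auto id, referrer id, friend
	//-- address, bids to credit, claimed flag = 0). $friend_email has passed
	//-- the address regex, which admits no quote characters, but escape it
	//-- anyway so the insert does not depend on the regex staying that strict.
	//-- NOTE(review): $id2 is only set for logged-in users; an anonymous
	//-- referrer is stored with referrer id 0. Confirm whether this page is
	//-- meant to require a login. Nothing here prevents one visitor from
	//-- submitting the same or many addresses repeatedly, so the page can be
	//-- driven as a mail relay -- a uniqueness check or rate limit belongs here.
	$query1 = "INSERT INTO PHPAUCTIONXL_refer_a_friend VALUES ("
		. "NULL, "
		. "'" . intval($id2) . "', "
		. "'" . mysql_real_escape_string($friend_email) . "', "
		. "'" . mysql_real_escape_string($free_sign_up_bids) . "', "
		. "'0')";

	//-- Fail the same way the item lookup above does; do not mail a promise
	//-- of bids that was never recorded.
	if (!mysql_query($query1)) {
		MySQLError($query1);
		exit;
	}

	//-- Send e-mail message
	include $include_path.'refer_a_friend_confirmation.inc.php';

	//-- Display confirmation web page
	include "header.php";
	include phpa_include("template_refer_a_friend_confirmation_php.html");
	include "footer.php";

	exit;
}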
?>
